Merge branch 'develop' of github.com:solid/node-solid-server into group-acl-integration-uncaught-exception

Author: kjetilk

common/popup.html

@@ -1,4 +1,4 @@
-<form method="post" action="/login/tls">
+<form method="post" action="{{tlsUrl}}">
   <div class="form-group">
 
     <button type="submit" class="btn btn-primary" id="login-tls">
@@ -8,33 +8,3 @@
     {{> auth/auth-hidden-fields}}
   </div>
 </form>
-
-<script type="text/javascript">
-  const button = document.getElementById('login-tls')
-  button.addEventListener('click', function(event) {
-    event.preventDefault()
-    fetch('/login/tls', { method: 'POST', credentials: 'include' })
-      .then(function(response) {
-        const webId = response.headers.get('user')
-        const idp = new URL(webId).origin
-        const session = { authType: 'WebID-TLS', webId, idp }
-        const authClientNamespace = 'solid-auth-client'
-        let authClientStore
-        try {
-          authClientStore = JSON.parse(localStorage.getItem(authClientNamespace) || '{}')
-        } catch (err) {
-          authClientStore = {}
-        }
-        authClientStore.session = session
-        localStorage.setItem(authClientNamespace, JSON.stringify(authClientStore))
-        return response
-      })
-      .then(function(response) {
-        // Temporary solution to restore return URL
-        // until https://github.com/solid/oidc-auth-manager/issues/17 is resolved
-        const returnToUrl = localStorage.getItem('returnToUrl')
-        localStorage.removeItem('returnToUrl')
-        window.location.href = returnToUrl || '/'
-      })
-  })
-</script>

default-views/auth/login-tls.hbs

@@ -33,6 +33,15 @@
   </div>
 </div>
 
+<script>
+  // Send return URL from localStorage to server through hidden redirect_uri field
+  const returnToUrl = localStorage.getItem('returnToUrl')
+  if (returnToUrl)
+    for (let redirect of document.getElementsByName("redirect_uri"))
+      redirect.value = returnToUrl
+  localStorage.removeItem('returnToUrl')
+</script>
+
 <div class="container">
   <div class="row">
     <div class="col-md-4">

default-views/auth/login.hbs

@@ -29,8 +29,8 @@
   </form>
 </div>
 <script>
-  // Temporary solution to preserve return URL
-  // until https://github.com/solid/oidc-auth-manager/issues/17 is resolved
+  // Preserve return URL in localStorage
+  // (Do this on the client, because there might be a URL fragment the server can't see)
   const locationUrl = new URL(location)
   const returnToUrl = locationUrl.searchParams.get('returnToUrl')
   localStorage.removeItem('returnToUrl')

default-views/auth/select-provider.hbs

@@ -79,7 +79,7 @@ class LoginRequest extends AuthRequest {
   static get (req, res) {
     const request = LoginRequest.fromParams(req, res)
 
-    request.renderForm()
+    request.renderForm(null, req)
   }
 
   /**
@@ -157,37 +157,19 @@ class LoginRequest extends AuthRequest {
    * @return {string}
    */
   postLoginUrl (validUser) {
-    let uri
-
-    if (this.authQueryParams['client_id']) {
-      // Login request is part of an app's auth flow
-      uri = this.authorizeUrl()
+    // Login request is part of an app's auth flow
+    if (/token/.test(this.authQueryParams['response_type'])) {
+      return this.authorizeUrl()
+    // Login request is a user going to /login in browser
     } else if (validUser) {
-      // Login request is a user going to /login in browser
-      // uri = this.accountManager.accountUriFor(validUser.username)
-      uri = validUser.accountUri
+      return this.authQueryParams['redirect_uri'] || validUser.accountUri
     }
-
-    return uri
   }
 
   /**
    * Redirects the Login request to continue on the OIDC auth workflow.
    */
   redirectPostLogin (validUser) {
-    // TODO: Make the kludge below unnecessary (e.g., by separating OIDC and TLS auth).
-    // If we have arrived here in the WebID-TLS case,
-    // this means the client has done an AJAX POST request to /login/tls.
-    // If the WebID is external, and we send out a redirect to that external URL,
-    // there is a risk that this external URL returns a non-2xx response.
-    // This in turn makes the AJAX call on the client fail,
-    // and its success code is not executed because of that failure.
-    // To prevent this, we just reply a 204 for external WebIDs.
-    if (this.authMethod === TLS_AUTH && validUser.externalWebId) {
-      debug('Login successful with WebID-TLS')
-      return this.response.header('User', validUser.webId).status(204).send()
-    }
-
     let uri = this.postLoginUrl(validUser)
     debug('Login successful, redirecting to ', uri)
     this.response.redirect(uri)
@@ -196,13 +178,15 @@ class LoginRequest extends AuthRequest {
   /**
    * Renders the login form
    */
-  renderForm (error) {
+  renderForm (error, req) {
+    let queryString = req && req.url && req.url.replace(/[^?]+\?/, '') || ''
     let params = Object.assign({}, this.authQueryParams,
       {
         registerUrl: this.registerUrl(),
         returnToUrl: this.returnToUrl,
         enablePassword: this.localAuth.password,
-        enableTls: this.localAuth.tls
+        enableTls: this.localAuth.tls,
+        tlsUrl: `/login/tls?${encodeURIComponent(queryString)}`
       })
 
     if (error) {